sFlow: Incorrect length passed to header sample dissector
Summary
sflow dissector incorrectly aligns header sample length to multiple of 4 bytes and passes such value to appropriate sample dissector. As a result, the dissector outputs non-existent "Trailer: 000000" for e.g. 65-byte packets.
The problematic code is in epan/dissectors/packet-sflow.c at line 824:
proto_tree_add_item_ret_uint(tree, hf_sflow_245_sampled_header_length, tvb, offset, 4, ENC_BIG_ENDIAN, &header_length);
offset += 4;
if (header_length % 4) /* XDR requires 4-byte alignment */
header_length += (4 - (header_length % 4));
ti = proto_tree_add_item(tree, hf_sflow_245_header, tvb, offset, header_length, ENC_NA);
sflow_245_header_tree = proto_item_add_subtree(ti, ett_sflow_245_sampled_header);
/* hand the header off to the appropriate dissector. It's probably
* a short frame, so ignore any exceptions. */
next_tvb = tvb_new_subset_length_caplen(tvb, offset, header_length, frame_length);
Surely, XDR requires 4-byte alignment, so header_length alignment to multiple of 4 bytes is needed at the end of dissect_sflow_245_sampled_header() function to correctly compute the offset to next data in sflow packet.
But when header_length is e.g. 65 bytes, this original value (and not 68) needs to be passed to appropriate dissector. Also only 65 real sampled bytes should be printed in "Header of sampled packet:" field.
Build information
master - nightly build
Edited by Petr Hroudný